> False! A unique Tor exit IP that visits site1.com then site2.com won't> compromise same person visited those sites or tow different person who> used same Tor exit IP at the same time did that, thus anonymity> remains true.
But if one has one fingerprint (the default TBB) and the other an 'undetectable' one, then you can easily differentiate that they are two different users. They both came from Tor exits, so you "know" they're TOR users, but one user changing TBB's signature means they no longer appear as close to identical as possible.
> TBB because when a natural fingerprint is used once then there will be> no enough information available for data miners to link pseudonyms for> deanonymization,
Used once, sure. But over time, it's likely going to get used more than once, unless you're planning on inserting some sort of randomisation to try and prevent that (by making some aspect different each session), but that randomisation then becomes a potential means to identify users who are using "UnidentifiableMode"
> Undetectability is a crucial requirement for privacy protection tools
> and unfortunately seems that Tor developers don't wanna put their time
> on this issue. I hope other folks take this problem serious and do
> something quickly.
I don't _know_ but I suspect it's actually the opposite - thought has previously been put into the feasibility and risk and it's been decided that the current approach should be safer. Making something "Undetectable" is very, very hard as your margin for error is 0 (because 0.01 gives something that someone could use to make it identifiable). Making something common so you can blend into the crowd makes it easier to avoid (potentially) costly mistakes.
Remember that those who are _really_ interested in de-anonymising via fingerprinting are _very_ good at finding means to differentiate between requests, one tiny slip-up is all it would take to make your "Unidentifiable" browser extremely identifiable. You'd then (potentially) be the only client with fingerprint a, coming from a Tor exit.
Even if you didn't slip up, let's say you make your requests look almost exactly like vanilla firefox. If you're the only user using that mode at a given time, every request coming from an exit with your fingerprint is an opportunity to correlate that traffic back to you. There's no immediate proof that all that traffic is you, but volumes would be low enough that you could then start examining requests with an aim to trying to prove it's all one user.
Blending into the crowd is not without it's value.